What to do when your Gmail account gets hacked

As many friends, family and business colleagues and clients are painfully aware of by now, my Gmail account was hacked a few weeks ago. In a matter of minutes, some yahoo had hacked into my account, locked me out and was sending the wildly creative “I’m in Spain and I need you to send me money” email SPAM.

Well done, hackers. Well done.

Although a hack like this might seem innocuous–even trivial–to some, it can actually be debilitating. Especially to a solo business owner who has limited infrastructure in certain spots.

As painful as this experience was, it was also an eye-opener and a blessing in disguise in some ways. I moved my professional email “on domain”–if you need my new email, send me a DM on Twitter or a private message on Facebook and I’ll share it there. That was long overdue. And, a few days later, after numerous emails and submissions to Google, I thankfully recovered the account.

I also learned a number of other important lessons that I wanted to share with you today. I wouldn’t wish this experience on my worst enemy. But, hacking happens. And, if it happens to you, keep the following tips/lessons in mind:

Act quickly

I didn’t recover my account as quickly as I would have liked, but I’ve heard of others that have recovered their Gmail accounts within a day or two when they acted decisively. Submit your form to Google. They’ll ask you a bunch of impossible questions to determine if you’re the correct account owner. Answer those as best you can. But, cover off on that step quickly. Then, just make sure to follow the money. Most hackers are after money. If you have PayPal accounts or other bank accounts linked to that email, find those accounts and change your passwords ASAP. Shut off all connections with your money.

Go hosted, if you can

Gmail’s great. It’s the most popular email platform for a reason. But, it’s not without its limitations. Chiefly, if you get hacked you are at Google’s mercy. There’s no 1-800 number to call (for most people). No human to reach. Just a blind submission form. And, they may or may not get back to you with answers. If you’re a business owner, that’s not the answer you want to hear. So, it really leaves you with no choice but to go hosted. That way, you have access to real people when things turn south. People who can deliver answers in real time.

Communicate via other social networks

Once you’ve taken steps to unhack the hack, you need to start thinking about communications. Chances are people are sending emails to your Gmail address and expecting a reply. Only thing is: You don’t have access so they’ll never receive a reply. That’s an issue. So, you need to take immediate steps to resolve that. Post a note on the social networks you’re active on with this information and the new email address you’re now using (for me this was Facebook, Twitter and LinkedIn). Even consider using a mass text message for key clients and colleagues. You need to get the correct email address to key people as soon as you can to avoid a gap in business communications.

Ask for help

Now is not the time to be stubborn. Ask for help from your friends and family. Chances are, there’s someone who can help you with the hack. And there are certainly people who can help spread the word about your new email address. In my case, my email angel was Patrick Rhone.

Change your passwords–regularly

Learned this one the hard way, but it bears stating here. Make a calendar reminder to reset your passwords each month/every other month. It’s something I’ve put off in the past, but you can believe it’s going to be a priority going forward. It might be a huge pain-in-the-ass, but it’s worth it. I can attest.

What about you? Have you been hacked on Gmail or other platforms? What tips or lessons do you have to share?

"They’ll ask you a bunch of impossible questions to determine if you’re the correct account owner. Answer those as best you can." Nope - sorry, this does not work. The hacker changed all of my "impossible questions" - when I answered what my best friend's name was, Gmail rejected "my" correct answer. The problem is our Gmail accounts are also connected to YouTube. All of my business presentation videos are on YouTube and I have no access to them. I will never use Gmail again.

Really your post is really very good and I appreciate it. It’s hard to sort the good from the bad sometimes, but I think you’ve nailed it. You write very well which is amazing. I am really impressed by your post.

Scary stuff, sorry you had to go through that. I would easily be more upset about someone hacking my Gmail account than stealing my car. Glad you are now using Two-Step and changing your password. I imagine you've also started using more complex passwords, because that makes a huge difference as well.

Glad you shared this experience, more people need to be aware of the importance of using good passwords and account security.

Care to share the type of password you employed before this hack? How unique was it? Ever since employing mnemonic passwords -- e.g. http://ariherzog.com/mnemonic-passwords/ -- and a different password for every website, I've never been hacked.

Gmail offers two-step verification where, on unrecognized computers, you enter your password AND a randomly generated number (via an app or an SMS from Google). It is a bit inconvenient at times, but makes it nearly impossible for your account to be hacked.

My Gmail got hacked literally right in front of my eyes...I was logged out and I couldn't log back in...luckily I was able to use the security questions to change my password before they did any damage. Crisis averted!

@Ari Herzog Won't share, but it was common (for me). So, again, most of this is on me. Good learning experience. With Two-Step now in play for me, and with changing passwords regularly, I'm feeling a lot better.